author | Michael Tuexen <tuexen@FreeBSD.org> | 2019-09-17 09:46:42 +0000 |
---|---|---|
committer | Michael Tuexen <tuexen@FreeBSD.org> | 2019-09-17 09:46:42 +0000 |
commit | 3c193115440ea21d7811c20326488be4346ed4a2 (patch) | |
tree | 64b87f3601dd794a833b778b871728b4b6b81334 /sys | |
parent | 7f65185940d1cc62c0e76d6fab92236ca75d42d5 (diff) | |
Only allow a SCTP-AUTH shared key to be updated by the application
if it is not deactivated and not used.
This avoids a use-after-free problem.
Reported by: da_cheng_shao@yeah.net
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=352438
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/sctp_auth.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet/sctp_auth.c b/sys/netinet/sctp_auth.c
index d379dd0a143e..f286ebf9d8d4 100644
--- a/sys/netinet/sctp_auth.c
+++ b/sys/netinet/sctp_auth.c
@@ -523,7 +523,7 @@ sctp_insert_sharedkey(struct sctp_keyhead *shared_keys,
 } else if (new_skey->keyid == skey->keyid) {
 /* replace the existing key */
 /* verify this key *can* be replaced */
- if ((skey->deactivated) && (skey->refcount > 1)) {
+ if ((skey->deactivated) || (skey->refcount > 1)) {
 SCTPDBG(SCTP_DEBUG_AUTH1,
 "can't replace shared key id %u\n",
 new_skey->keyid); |
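Review bot: The comment above the corrected test, `/* verify this key *can* be replaced */`, still does not say which condition makes replacement unsafe, so the next reader has nothing to check the operator against. I would state the invariant there, going by the commit message: `/* a deactivated key, or one with refcount > 1, may still be referenced elsewhere; replacing it would free it while in use */`. The test also reads `skey->refcount` with a plain load, so it is presumably only sound if the caller holds the lock that serialises key acquisition; that is not visible here and belongs in the function's header comment. sctp_insert_sharedkey starts and ends outside the hunk, so the value returned after the SCTPDBG call and the replace path that follows cannot be checked from these lines.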